• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Exchange 2000 Relay

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> General >> Exchange 2000 Relay Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Exchange 2000 Relay - 17.Nov.2006 5:01:18 PM   
PCBrandon

 

Posts: 20
Joined: 22.Jul.2006
Status: offline
Hi all, one of my servers is trying to send out email using my Exchange 2000 server. For some reason it's receiving the error "550 Relay attempt blocked for email@domain.com". I've included the internal IP address of this server in the "Allow relay" list on the Exchange SMTP virtual servers to no go. Any ideas?

Thanks!
Post #: 1
RE: Exchange 2000 Relay - 17.Nov.2006 7:29:29 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
Where are you getting this error from a non deliverable message?

_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to PCBrandon)
Post #: 2
RE: Exchange 2000 Relay - 17.Nov.2006 9:36:23 PM   
PCBrandon

 

Posts: 20
Joined: 22.Jul.2006
Status: offline
Thanks for the reply jchong.

I'm receiving the error in the application that sends it. It's a feature of our grade server, where it emails parents if their student receives a grade below a threshold. It works when it sends an email to a local account, but not external.

Thanks again!

(in reply to jchong)
Post #: 3
RE: Exchange 2000 Relay - 17.Nov.2006 10:06:22 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
Ah ok. You're on the right track to have added that IP in the allowed relay list. If its still not working, are you sure that this application's IP is not natted to a public IP, thus requiring you to use the public ip rather than the internal ip?

_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to PCBrandon)
Post #: 4
RE: Exchange 2000 Relay - 17.Nov.2006 11:05:09 PM   
PCBrandon

 

Posts: 20
Joined: 22.Jul.2006
Status: offline
Hi James,

No, I'm pretty sure it doesn't. You can set settings for your SMTP server (including credentials) in the program. I'm sure these are correct credentials as I've tried them and different ones several times.

Here's a little bit more information about my mail setup:

I have my spam filter (a free perl script called Anti-Spam SMTP Proxy Server) listening on port 25. Here, I'll copy a map of emails I documented a while back:

Internet (incoming on TCP port 25)
  |
ASSP (listening on TCP port 25)
  |
Forwarded to TCP port 225
  |
Exchange Default SMTP Virtual Server (listening on TCP port 225)
  |
To Recipient's Mailbox


Outgoing email is a bit more complicated:

From Sender's Mailbox
  |
Exchange Default SMTP Virtual Server (SmartHost on TCP port 125)
  |
ASSP (relay TCP port 125, relay host TCP port 325)
  |
Exchange Server ASSP Relay Virtual Server (listening on TCP port 325)
  |
Exchange Server ASSP Relay SMTP Connector (email sent out using DNS)


I've added 10.0.0.4 (the IP of the server trying to send the email) to both the lists on the Default SMTP Virtual Server and the ASSP Relay Virtual Server. Both are set to allow all computers which successfully authenticate to relay.

I really appreciate your help!


< Message edited by PCBrandon -- 17.Nov.2006 11:09:13 PM >

(in reply to jchong)
Post #: 5
RE: Exchange 2000 Relay - 17.Nov.2006 11:10:46 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
Not a problem. So this application is inside the LAN? From the application server, open a command prompt and telnet to your exchange server on the specified port and try to send mail to an external account. See if it goes through. Then we can identify if it's a relay issuing on the ex server or a misconfigured setting on the application.

_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to PCBrandon)
Post #: 6
RE: Exchange 2000 Relay - 17.Nov.2006 11:17:59 PM   
PCBrandon

 

Posts: 20
Joined: 22.Jul.2006
Status: offline
Here we go:

I opened a telnet connection to port 25. I used the following commands:

HELO
MAIL FROM:localaccount@localdomain.com
RCPT TO:externalaccount@externaldomain.com

I received the response: "530 Relaying Not Allowed" after submitting the RCPT TO command.

Thanks.

(in reply to jchong)
Post #: 7
RE: Exchange 2000 Relay - 17.Nov.2006 11:26:05 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
Thanks, ok can you do this.

1. Enable smtp logging make sure you do extended logging options and select everything. Now in your application try sending an email. Then post what shows in the smtp log, verify that you have the correct ip in the relay list thats showing in the smtp logs

2. Please let me know what you have configured in your smtp virtual server properties in the access tab, for authentication, connection and relay.

3. Run best practice analyzer so it can review any misconfigured settings with your smtp virtual servers(s)



_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to PCBrandon)
Post #: 8
RE: Exchange 2000 Relay - 17.Nov.2006 11:29:31 PM   
PCBrandon

 

Posts: 20
Joined: 22.Jul.2006
Status: offline
James,

I was able to telnet to the SmartHost (port 125) and send an email using Telnet from that. Does that tell you anything, or should I go ahead and complete those steps you listed in your previous post?

(in reply to jchong)
Post #: 9
RE: Exchange 2000 Relay - 17.Nov.2006 11:34:10 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
Who were you telnetting to before?

_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to PCBrandon)
Post #: 10
RE: Exchange 2000 Relay - 17.Nov.2006 11:35:36 PM   
PCBrandon

 

Posts: 20
Joined: 22.Jul.2006
Status: offline
I used telnet to connect to the mail server on port 25 (it failed then). I then used it to connect to port 125 on the mail server and it sent the email.

(in reply to jchong)
Post #: 11
RE: Exchange 2000 Relay - 17.Nov.2006 11:36:23 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
Configure your application to send on port 125.

_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to PCBrandon)
Post #: 12
RE: Exchange 2000 Relay - 17.Nov.2006 11:41:04 PM   
PCBrandon

 

Posts: 20
Joined: 22.Jul.2006
Status: offline
Unforunately, I don't see a place to do that in the SMTP settings for the application.

Here is the log:

[ Log Removed ]

< Message edited by PCBrandon -- 18.Nov.2006 2:03:29 AM >

(in reply to jchong)
Post #: 13
RE: Exchange 2000 Relay - 17.Nov.2006 11:45:22 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
This log looks like its accepting the message. So you got an ndr back after sending through the app? What server is sending back the ndr? This is an option, its unfortunate that this app won't let you configure the port. What you can do is create another smtp virtual server and set it to use port 25. Then your app should be able to send to it. On this new smtp virtual server enter the ip of this app to relay.

_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to PCBrandon)
Post #: 14
RE: Exchange 2000 Relay - 17.Nov.2006 11:46:42 PM   
PCBrandon

 

Posts: 20
Joined: 22.Jul.2006
Status: offline
The spam filter is already listening on port 25, so I couldn't do that, could I? 

(in reply to jchong)
Post #: 15
RE: Exchange 2000 Relay - 17.Nov.2006 11:49:24 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
Is your spam filtering installed on top of your Exchange server?

_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to PCBrandon)
Post #: 16
RE: Exchange 2000 Relay - 17.Nov.2006 11:51:01 PM   
PCBrandon

 

Posts: 20
Joined: 22.Jul.2006
Status: offline
Yes, it is.

I receive the error in the application that's trying to send the email. I know the email doesn't reach the recipient.

(in reply to jchong)
Post #: 17
RE: Exchange 2000 Relay - 17.Nov.2006 11:53:49 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
The spam filter is what looks like is causing your server not to relay. There should be a setting in your spam application to allow this host to relay since it's acting as an smtp proxy. Is there a setting?

_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to PCBrandon)
Post #: 18
RE: Exchange 2000 Relay - 17.Nov.2006 11:57:44 PM   
PCBrandon

 

Posts: 20
Joined: 22.Jul.2006
Status: offline
Yes, and I've added the IP address of the application server to the setting. It seems its clear that it's not an Exchange issue now, so I really appreciate your help!

Have a good night.

(in reply to jchong)
Post #: 19
RE: Exchange 2000 Relay - 18.Nov.2006 12:00:17 AM   
PCBrandon

 

Posts: 20
Joined: 22.Jul.2006
Status: offline
Well, there was an option to "Bypass your SMTP server" on the SMTP settings in the application. I figured I'd give it a whirl and it looks like it's working now. 

Thanks for the help.

(in reply to PCBrandon)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> General >> Exchange 2000 Relay Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter